Wednesday, December 15, 2010

DDDoS: a Diverse Distributed Denial of Service. A 3DoS.

If Anonymous has taught us anything it’s that the future of information security lies in fending off attacks across the breadth and depth of the network stack, and of the data center architecture, at the same time. Traditionally DDoS attacks are so named because the clients are distributed: traffic arrives from a large number of sources, which makes the attack hard to detect and harder still to block by address. It’s about the massive scale of a single type of attack launched by a single attacker (an individual or a group). The WikiLeaks-related attacks have been distributed in another sense as well. They are not just a concerted effort by many distributed clients to take out sites; they span the network stack from the network layer (ICMP and TCP floods) up through layer 7 (HTTP). It’s not just a DDoS, it’s a DDDoS: a Diverse Distributed Denial of Service. A 3DoS.

The result is a flash-crowd style flood of attacks that overwhelms not only the site but its infrastructure. Firewalls have been overwhelmed, ISPs have been flooded, services have been disrupted. All because the attacks are not a single concerted effort to disrupt service but a dizzying array of SYN floods, TCP connection floods, pings of death, excessive HTTP headers, Slowloris, and good old-fashioned HTTP GET floods. These attacks happen simultaneously, directed at the same service, and in many cases they achieve their goal: service outages. Stopping an attack is far easier than detecting it in the first place, particularly at the application layer. Traditional security measures struggle with application-layer floods because each individual request looks completely legitimate; there are just far more of them than the service can absorb, so the only signal is volume and timing rather than malformed packets.

Traditional solutions aren’t working. Blocking the attack at the ISP has proven too slow and unable to cope with the (newly) distributed nature of these attacks. Firewalls have buckled under the load and been yanked out of the line of fire, replaced with technology more capable of fending off attacks across the entire network stack. And now a JavaScript-based DDoS tool, aimed again at MasterCard, is reported to be in the works.


What this means is that organizations need to think of security as spanning all attack vectors at the same time. It is imperative that organizations protect critical applications against both traditional attack vectors and those at the application layer disguised as legitimate requests. Organizations need to evaluate their security posture and ensure that every infrastructure component through which a request flows can handle the load in the event of a massive “3DoS”. It’s not enough to ensure that there’s capacity in the application infrastructure if an upstream network component may buckle under the load.

Leveraging virtualization and cloud computing to scale automatically ahead of the attack is also costly. The price of uptime may, for some organizations, become overwhelming in the face of a targeted 3DoS as more and more capacity is provisioned to (hopefully) absorb the load, while the attacker pays almost nothing per additional request.

Organizations should look for strategic points of control within their architectures and leverage their capabilities to detect and prevent attacks from compromising availability. Every data center architecture has aggregation points: one or more components through which all traffic is forced to flow, for one reason or another.

For example, the most obvious strategic point of control within a data center is its perimeter: the router and firewalls that control inbound access to resources and in some cases outbound access as well. All data flows through this point, and because it sits at the perimeter of the data center it makes sense to implement broad resource access policies there. Similarly, strategic points of control occur internal to the data center at several “tiers” within the architecture. For web applications, that strategic point of control is generally the application delivery controller (load balancer, for you old skool architects). Its position in the network lets it intercept, inspect, and if necessary manipulate the communications between clients and web applications.

These points of control are strategic precisely because their topological location provides the visibility needed to recognize an attack at every layer of the network stack and apply the proper security policies. Resources downstream lack that holistic view of application usage and therefore cannot accurately tell legitimate traffic from an attack.
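As an added illustration of what that vantage point makes possible (this is example code written for this page, not code from the original post or from any vendor product), the Python below sketches triage logic an aggregation point could run over its own connection table. It scores each client source against three of the attack classes named above at once: half-open connections (SYN flood, layer 4), connections that never finish sending request headers (Slowloris, layer 7), and a request rate no browser would produce (GET flood, layer 7). The connection records, addresses and thresholds are constructed assumptions; a real deployment tunes the thresholds against its own baseline traffic.

```python
"""Triage at an aggregation point (load balancer / application delivery
controller) that sees every client connection end to end.

Added example, not code from the original post or any vendor product.
Connection records, addresses and thresholds are constructed assumptions;
a real deployment tunes the thresholds against its own baseline.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Conn:
    src: str                    # client address
    t_open: float               # seconds: SYN observed
    handshake: bool             # three-way handshake completed
    t_headers: Optional[float]  # seconds: request headers complete (None = never)
    requests: int               # HTTP requests completed on this connection


# Per-source thresholds (assumed values).
HALF_OPEN_MAX = 100    # half-open connections -> SYN flood (layer 4)
SLOW_CONN_MAX = 20     # connections still waiting for headers -> Slowloris (layer 7)
HEADER_TIMEOUT = 30.0  # seconds a client may take to finish its request headers
REQ_RATE_MAX = 50.0    # requests per second per source -> HTTP GET flood (layer 7)


def classify(conns: List[Conn], now: float, window: float) -> Dict[str, Set[str]]:
    """Map each suspicious source to the set of attack classes it matches.

    `conns` holds every connection that was open at some point during the
    last `window` seconds.  A source can earn several verdicts at once;
    that mix is what makes the attack 'diverse'.
    """
    half_open: Dict[str, int] = defaultdict(int)
    slow: Dict[str, int] = defaultdict(int)
    reqs: Dict[str, int] = defaultdict(int)
    for c in conns:
        if not c.handshake:
            half_open[c.src] += 1          # SYN sent, final ACK never came
            continue
        deadline = c.t_open + HEADER_TIMEOUT
        if (c.t_headers is None and now > deadline) or \
           (c.t_headers is not None and c.t_headers > deadline):
            slow[c.src] += 1               # headers dribbled in (or never finished)
        reqs[c.src] += c.requests          # each request looks legitimate on its own
    verdicts: Dict[str, Set[str]] = defaultdict(set)
    for src, n in half_open.items():
        if n >= HALF_OPEN_MAX:
            verdicts[src].add("syn_flood")
    for src, n in slow.items():
        if n >= SLOW_CONN_MAX:
            verdicts[src].add("slowloris")
    for src, n in reqs.items():
        if n / window > REQ_RATE_MAX:
            verdicts[src].add("http_flood")
    return dict(verdicts)


def sample_traffic() -> List[Conn]:
    """Constructed connection table: one SYN flooder, one Slowloris client,
    one GET flooder and three ordinary browsers (each with one lost SYN)."""
    conns: List[Conn] = []
    conns += [Conn("10.0.0.5", 100.0 + i * 0.01, False, None, 0) for i in range(150)]
    conns += [Conn("10.0.0.6", 10.0 + i, True, None, 0) for i in range(40)]
    conns += [Conn("10.0.0.7", 95.0, True, 95.1, 200) for _ in range(5)]
    for i in range(3):
        src = f"192.0.2.{10 + i}"
        conns.append(Conn(src, 98.0, False, None, 0))   # first SYN lost, retried
        conns.append(Conn(src, 98.5, True, 98.6, 6))    # normal page load
    return conns


if __name__ == "__main__":
    for src, kinds in sorted(classify(sample_traffic(), now=101.5, window=10.0).items()):
        print(src, ", ".join(sorted(kinds)))
```

The point of the example is the vantage, not the thresholds: the ordinary browsers also show a lost SYN and a burst of requests, and nothing short of seeing the whole connection table per source separates them from the flooders. Any single downstream component sees only its slice of that picture.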

Old notions of “security” have to evolve, especially as the application itself becomes an attack vector. The traditional method of deploying individual point solutions, each addressing a specific type or class of attack, is failing to mitigate these highly distributed and diverse attacks. It’s not just the cost and complexity of such a chained security architecture (though that is certainly a negative); it’s that these solutions are either application-focused or network-focused, but almost never both. Individually they cannot recognize, and so cannot address, a 3DoS because they lack the context necessary to “see” an attack that spans the entire network stack, from top to bottom.

An integrated, unified application delivery platform has the context and the visibility across not only the entire network stack but all users – legitimate or miscreant – accessing the applications it delivers. Such a platform is capable of detecting and subsequently addressing a 3DoS in a much more successful manner than traditional solutions. And it’s much less complex and costly to deploy and manage than its predecessors.

The success of Anonymous in leveraging 3DoS attacks to disrupt services across a variety of high-profile sites will only serve to encourage others to leverage similar methods to launch attacks on other targets. As the new year approaches, it’s a good time to make an organizational resolution to re-evaluate the data center’s security strategy and, if necessary, take action to redress architectures incapable of mitigating such an attack.

Wikileaks movie....what all the fuss is about!

We have reverse engineered the opt in bot net malware (LOIC)

We have reverse engineered the opt-in botnet malware (LOIC) and have been briefing the large global online businesses we serve on this particular threat, as part of the ongoing threat alerts and briefings we provide as a service.

As a sign of goodwill and information sharing, we are available to brief you as well; perhaps there will be some valuable data that could be of use to your organisation.

Feel free to get in touch to arrange a date and time.

How was it that a loosely-coupled group of cyber-protestors could launch -- with varying degrees of success -- targeted distributed denial-of-service (DDoS) attacks against sites such as MasterCard, PayPal, PostFinance, and the website belonging to a Swedish prosecutor?
Turns out it's quite simple. All an attacker needs to do is download the widely available open source network stress testing tool known as LOIC (the Low Orbit Ion Cannon). Launching an attack with LOIC is mind-numbingly easy: just point and shoot. LOIC then floods the target with HTTP requests, UDP packets or TCP packets.

Those participating in the pro-Wikileaks riots could operate on their own, or connect their system to the "LOIC Hivemind" voluntary botnet that is centrally controlled by those behind Operation Payback.
Since the launch of the attacks, LOIC has been downloaded nearly 70,000 times.
Cyber protestors engaging in digital rioting such as website defacements, denial-of-service attacks, and even inserting messages in malware have existed for some time. Nor is it new for such attackers to be highly connected: they have been socializing on message boards and communicating in real time over Internet Relay Chat for many years.
What is new is the ease of which a tool such as LOIC can be put into action. "LOIC is extremely easy to use. It is designed so someone with little or no technical knowledge can quickly download and install it, and participate in DDoS activities," said Alex Cox, principal analyst at security firm NetWitness. "It also has the ability to be remotely controlled by a central IRC server, so that more technically competent operators can direct attacks en masse at targets, regardless of the participant's technical knowledge."
"There is a false belief that we are fending off casual attackers," said Joshua Corman, research director, enterprise security at the 451 Group. "However, I don't think the casual attacker exists any more. Just consider how powerful tools like Metasploit have become. There's also the malware kits that make obfuscating malware or building botnets trivial. You don't need to know anything to launch a successful attack anymore," said Corman.
Anyone on the receiving end of a LOIC packet burst would be sure to agree, and how technically savvy the attacker happens to be is made moot by the ease and power of the attack.
Cox agrees: "The attacker landscape is moving more toward "point-and-click" attack and exploitation tools. This is reflected in the many crimeware systems available in the underground, which includes DDOS, do-it-yourself botnet kits (Zeus, Spyeye, and many others) as well as exploit kits," he said. "In the past you had to have a certain amount of technical skill to participate, but now anyone can."
For security practitioners the big story within the pro-Wikileak and LOIC attacks may not have much to do about Wikileaks and the legalities or the politics of it all -- and everything to do about how swiftly, and easily, online attackers can be called into action against any target they wish.

Monday, December 13, 2010

Friday, December 10, 2010

Police arrest boy of 16 over WikiLeaks attacks

Twitter and Facebook have also deleted accounts believed to be affiliated with Anonymous

Dutch authorities have arrested a 16-year-old boy in relation to the cyberattacks against Visa, MasterCard and PayPal, which were aimed at punishing those companies for cutting off services to WikiLeaks.
The boy was arrested in The Hague, and he will be arraigned before a judge on Friday in Rotterdam, according to a press release from the Netherlands' Public Prosecution Service. The boy, whose computer equipment was seized, has allegedly confessed to taking part in the attacks.
The Public Prosecution Service said he is likely part of a larger group of hackers.
The arrest follows a series of distributed denial-of-service (DDOS) attacks aimed at websites that have been critical of WikiLeaks, which has been releasing portions of 250,000 secret US diplomatic cables since late last month. The attacks seek to overwhelm websites and services by sending streams of meaningless traffic.
Some of the attacks originated in the Netherlands, and the main site coordinating them was hosted in a Dutch data center in Haarlem. The site has been down since police action on Wednesday.
Right after the police found out that there were cyberattacks coming from the Netherlands, the Dutch police's Team High Tech Crime started an investigation, the Dutch attorney general reported.
The attorney general also noted that "probably thousands of computers" took part in the attacks. The police are still investigating and will probably arrest more people.
Since the release of the documents began, several companies have decided to cut WikiLeaks off from their services, including PayPal, MasterCard, Visa and the Swiss payment transaction firm PostFinance, where WikiLeaks founder Julian Assange held an account.
In response, a loose affiliation of hackers called Anonymous have orchestrated DDoS attacks against those websites over the past two days or so, knocking many of the sites offline. The group has dubbed that effort "Operation: Payback." Other websites that have been attacked include those of vocal critics of WikiLeaks, including US Senator Joseph Lieberman and former Alaska Governor and vice presidential candidate Sarah Palin.
Twitter and Facebook have also deleted accounts believed to be affiliated with Anonymous.
On Thursday, BBC Radio 4 broadcast an interview with a 22-year-old who goes by the nickname "Cold Blood" and claims he is part of Anonymous. Cold Blood, who appeared in the BBC's studios, said that more people were downloading a botnet tool that enables them to perform a DDoS attack.
The campaign is aimed at companies that have decided not to deal with WikiLeaks, Cold Blood said, and is also a protest against what Anonymous believes is increasing control over the Internet by governments and the European Union.
"We are trying to keep the Internet open and free for everyone," said Cold Blood, who described himself as a software engineer.
WikiLeaks and its founder and editor Assange have come under fierce criticism from U.S. government officials and politicians for releasing the information, which is believed to have been leaked to the site by US Army Private Bradley E. Manning.
Manning has been charged with mishandling and transferring classified information in connection with the cables and a video of an Apache helicopter shooting civilians in Iraq.

New "Darkness" Botnet as Ominous as It Sounds

Security researchers are in a tizzy over a new botnet they’re calling “Darkness,” or if you want the full name, “Destination Darkness Outlaw System” (D.D.O.S.), ComputerWorld reports.
Here’s the sales pitch — for just $50, Darkness operators promise their clients they’ll be able to flummox large sites with an army of just 1,000 bots, and security experts don’t doubt that claim.
“Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive,” said the Shadowserver Foundation. “As with BlackEnergy, ‘Darkness’ is easy to purchase, easy to deploy, and is very effective and efficient in what it does.”
Darkness botnet operators advertise a laundry list of features, including the ability to pick several URLs per target site, the claim that an average site can be overwhelmed with just 30 bots, the ability to run as a Windows service, both English and Russian GUIs, and more.
“It now appears that ‘Darkness’ is overtaking BlackEnergy as the DDoS bot of choice,” Shadowserver Foundation notes. “There also appear to be no shortage of buyers looking to add ‘Darkness’ to their botnet arsenal.”

Operation Leakspin....

If this image is to be believed—and I have no reason not to, other than that I found it on the internet—the rebel squadrons behind Anonymous (attn. "news" hacks - that would be an entirely different group from Wikileaks and/or Wikipedia) are about to change their approach. So far, as we've witnessed, they have been launching point-and-click distributed denial of service (DDoS) attacks at companies perceived as the enemies of Wikileaks. Those targets included Mastercard, Paypal, and Visa (companies that froze donation funding), and Amazon (which denied hosting services). The new approach suggests more sophisticated thinking. This new mission, apparently, is to actually read the cables Wikileaks has published and find the most interesting bits that haven't been publicized yet, then publicize them.
In my opinion, this action would have far more positive impact. Anonymous often repeats the Orwell quote, "In a time of universal deceit, telling the truth becomes a revolutionary act." Looks like they decided to take those words to heart.

Wednesday, December 8, 2010

Wikileaks a stirring pot...!

DDoS Wars ...and now Mastercard!

Online hacktivist collective Anonymous, operating under the banners Operation:Payback and "Operation Avenge Assange" have launched a series of DDoS attacks against organisations and people seen as being opposed to Wikileaks and its spokesman Julian Assange.
Meanwhile, Operation:Payback itself has been subjected to counter-DDoS attacks thought to originate with US "patriotic" contra-hacktivistas.
Sites attacked by the Anonymous group have included the site belonging to the Swiss bank which recently froze an account controlled by Assange, and also the main blog operated by PayPal, targeted for refusing to process Wikileaks contributions. DNS outfit EveryDNS has also come into the Operation:Payback gunsights for cutting off Wikileaks' DNS service, saying that online attacks targeted at the leak site were crippling its other customers.
Over the last couple of days, other sites have been DDoS'd for various reasons by the Anonymous group, including the Swedish lawyers representing the women Assange is alleged to have committed sexual offences against. Charges made by Swedish prosecutors have since resulted in the issue of a European arrest warrant and Assange was yesterday cuffed in London: British judges have elected to refuse bail and the colourful Wikileaks impresario is now in jail pending an extradition hearing.
This process has angered the members of Operation:Payback sufficiently that they have also elected to mount strikes against the website of the Swedish prosecutors' office and briefly, according to anonymous* claims received by the Reg, against Interpol. (Interpol did issue a "Red Notice" calling for Assange's arrest at the behest of Swedish authorities, but in fact this has no relevance for British police dealing with a request from another EU nation: in such cases a European warrant is required for the UK cops to act.)
Yesterday, the Anonymous hacktivists decided to attack the site of US Senator Joe Lieberman as well, presumably as a result of remarks he has made describing Wikileaks operations as crimes violating the US Espionage Act - and hinting that Wikileaks' mainstream-media partners, collaborating on trawling and redacting files prior to public release, have violated the law also.
Some Operation:Payback members also elected to attack the site of former Alaska governor and vice-presidential candidate Sarah Palin for suggesting that Assange should be hunted down like a terrorist.
The Anonymous attacks have been run on through a chatroom, with users attaching their computers to a voluntary botnet for use in the DDoS strikes. Panda Security reported that as the Lieberman attacks began there were almost 1,000 users in the chatroom and nearly 600 machines in the botnet.
Naturally enough Operation:Payback itself has been subject to counter-DDoS efforts of varying strength almost since it began, but following the decision to attack Lieberman's official US government site the Anonymous operation began to be hit much harder and suffered dozens of outages itself, one lasting almost two hours. Panda Security analysts assessed that the intensified counter-DDoS attacks were coming from self-described American "patriot" hackers - playing contra to the Anonymous hacktivistas, perhaps.
Meanwhile US Army private soldier Bradley Manning, believed to have supplied not only the vast stash of diplomatic cables now being drip-fed by Wikileaks but most of its previous significant material as well (the Baghdad gunship videos, Iraq and Afghanistan "war logs" etc) remains in military prison charged with an array of security violations. His name is seldom mentioned any more in the ongoing saga of Wikileaks, Assange and the online scufflers aligned with and against them.
Operation:Payback uses a banner quote from John Perry Barlow, a founder of the Electronic Frontier Foundation:

Friday, December 3, 2010

“Mega-D” botnet taken down

Federal investigators have identified a 23-year-old Russian man as the mastermind behind the notorious “Mega-D” botnet, a network of spam-spewing PCs that once accounted for roughly a third of all spam sent worldwide.
According to public court documents related to an ongoing investigation, a grand jury probe has indicted Moscow resident Oleg Nikolaenko as the author and operator of the Mega-D botnet.
Federal agents settled on Nikolaenko thanks to information provided by Lance Atkinson, an Australian man named as a co-conspirator in the “Affking” e-mail marketing and counterfeiting operation that was shuttered in 2008 after investigations by the FBI, the Federal Trade Commission and international law enforcement authorities. The Affking program generated revenues of $500,000 a month using spam to promote counterfeit Rolexes, herbal “male enhancement” pills and generic prescription drugs.
As part of his guilty plea to spam violations, Atkinson provided investigators information on the top spammers who helped to promote the Affking products. Among them was an affiliate who used the online nickname “Docent,” who earned nearly $467,000 in commissions over a six month period in 2007.
Atkinson told investigators that Docent’s commissions were sent to an ePassporte account, under the name “Genbucks_dcent,” that was tied to the e-mail address “” Records subpoenaed by the grand jury found that the ePassporte account was registered in Nikolaenko’s name to an address in Moscow.
According to court documents, investigators found numerous executable files in Docent’s Gmail inbox. Those files were analyzed by researchers at SecureWorks, an Atlanta based security firm, which found them to be samples of the Mega-D malware.
Update: [Nikolaenko was reportedly arrested in the United States recently. See update at the end, after the jump.]

But U.S. investigators missed at least two chances to apprehend Nikolaenko: The grand jury said a review of U.S. State Department records indicate that Nikolaenko entered the United States in Los Angeles on July 17, 2009, and left the country ten days later. He returned to the U.S. on Oct. 29, 2009, entering from New York and visiting Las Vegas before exiting the country on Nov. 9 from Los Angeles.
Investigators say Nikolaenko was supposed to leave Los Angeles on Nov. 11, but cut his trip short by two days. They concluded that the 23-year-old left early because he wanted to get home to repair damage that security experts had inflicted on his botnet. On Nov. 4, 2009, researchers from Milpitas, Calif. based FireEye executed a “stun” attack on Mega-D by seizing control over the botnet’s control networks.
“Based on the timing of the Fireeye attack on the Mega-D botnet, I believe that Nikolaenko left the U.S. early to repair damage caused by Fireeye,” wrote Special Agent Brett E. Banner, in the government’s complaint against Nikolaenko.
After the FireEye takedown, spam from Mega-D all but disappeared. But in the days following his return to Moscow, the botnet recovered gradually, and by Nov. 22, spam from Mega-D was back to pre-takedown activity levels. By Dec. 13, Mega-D was responsible for sending nearly 17 percent of spam worldwide, according to security vendor M86 Security.
Joe Stewart, a senior security researcher at SecureWorks, said that at the beginning of Nov. 2009, there were at least 120,000 computers infected with Mega-D that were relaying spam, but Stewart said he hasn’t seen any signs of activity from Mega-D over the past several months.
While Mega-D may be dead, separately obtained information suggests that Nikolaenko has nonetheless continued spamming, and that, until at least June 2010, he was a top-earning affiliate for Spamit. Prior to its closure at the end of September 2010, Spamit was the world’s most active affiliate program for promoting knockoff prescription drugs.
A Spamit affiliate using the same e-mail address made nearly $81,000 in the first five months of 2010 promoting online pharmacies for Spamit. The earnings were deposited into the same “Genbucks_dcent” ePassporte account named in the criminal complaint against Nikolaenko. It’s not clear whether Nikolaenko was able to enjoy all of those earnings: ePassporte also went belly-up in September, leaving thousands of customers without access to millions of dollars in funds.
Update, Dec. 2, 5:40 p.m. ET: The Milwaukee-Wisconsin Journal Sentinel reports that Nikolaenko was arrested after entering the United States to attend a car show in Las Vegas. He is scheduled to make his initial court appearance in Milwaukee on Friday.

Wikileaks Domainless

The DNS entries for the Wikileaks sites have been erased in a move that may torpedo efforts to access the websites.
Amazon has terminated its cloud services relationship with the whistleblower site after pressure from a US government committee, according to a US senator

The websites can still be accessed via their IP addresses, according to a Wikileaks list of IP address mirrors. Alternatives are also on the mirror site.
However, the DNS registration that lets a user reach the site by name rather than by IP address no longer exists. Users attempting to type in the address will be served a blank page.
Wikileaks' DNS provider pulled the DNS registration at 10pm EST (3am GMT) after the site suffered a massive distributed denial-of-service (DDoS) attack. The provider said in a post on its site that it had done so because the attack contravened its acceptable use policy.

Tuesday, November 23, 2010

The Botnet Threat

The challenge for CIOs and law enforcement is countering a very sophisticated threat that is entering a hyper-growth stage. With increased revenue comes increased investment in new tools and better techniques. This blended threat cycle feeds on itself and is growing bigger every day.

One of the main challenges for CIOs is recognizing that there is a problem at all. Unlike ordinary spyware or adware, a bot's malware can install kernel-level rootkits that modify the tools and libraries on which every program on the system depends, letting it hide from standard anti-virus, intrusion detection, or anti-spyware applications. CIOs generally become aware of botnet infiltrations indirectly: end-user complaints about performance, third-party reports of attacks originating from their IP space, victims' reports of DDoS floods, detection of excessive inbound or outbound port scanning, or unusual traffic patterns on the network. In other words, most of the time it's difficult to know whether bots have infected the network until it is too late.
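Of the signals listed above, outbound port scanning from your own address space is the one a network team can check for itself from flow records, without trusting the infected host's own tooling. The Python below is an added example written for this page (not code from the original post): it scores each internal source for the two classic scan shapes a bot produces, many ports on one peer (vertical) and one port across many peers (horizontal), plus the failure rate of connections that never get past SYN, which is what probing closed or filtered ports looks like. The flow records, addresses, internal prefix and thresholds are constructed assumptions.

```python
"""Spotting bot-like behaviour in flow records from the network edge.

Added example, not code from the original post.  Flow records, addresses
and thresholds are constructed assumptions.  It looks for the two classic
scan shapes an infected host produces: many ports on one peer (vertical)
and one port across many peers (horizontal), plus the tell-tale failure
rate of connections that never get past SYN.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Flow:
    src: str        # source address
    dst: str        # destination address
    dport: int      # destination port
    proto: str      # "tcp" or "udp"
    syn_only: bool  # TCP flow that never completed the handshake


VERTICAL_PORTS = 15     # distinct ports probed on one destination host
HORIZONTAL_HOSTS = 15   # distinct hosts probed on one destination port
MIN_FLOWS = 20          # ignore sources with too little traffic to judge
FAIL_RATIO = 0.8        # share of flows that never completed


def scan_verdicts(flows: List[Flow], internal_prefix: str) -> Dict[str, Set[str]]:
    """Map each internal source to the scan patterns it exhibits.

    Only outbound traffic from `internal_prefix` is scored; inbound probes
    from the Internet are noise for this particular question (is one of
    *our* hosts a bot?).
    """
    ports_by_dst: Dict[str, Dict[str, Set[int]]] = defaultdict(lambda: defaultdict(set))
    hosts_by_port: Dict[str, Dict[int, Set[str]]] = defaultdict(lambda: defaultdict(set))
    total: Dict[str, int] = defaultdict(int)
    failed: Dict[str, int] = defaultdict(int)
    for f in flows:
        if not f.src.startswith(internal_prefix):
            continue
        ports_by_dst[f.src][f.dst].add(f.dport)
        hosts_by_port[f.src][f.dport].add(f.dst)
        total[f.src] += 1
        failed[f.src] += int(f.syn_only)
    verdicts: Dict[str, Set[str]] = defaultdict(set)
    for src, n in total.items():
        if any(len(p) >= VERTICAL_PORTS for p in ports_by_dst[src].values()):
            verdicts[src].add("vertical_scan")
        if any(len(h) >= HORIZONTAL_HOSTS for h in hosts_by_port[src].values()):
            verdicts[src].add("horizontal_scan")
        if n >= MIN_FLOWS and failed[src] / n >= FAIL_RATIO:
            verdicts[src].add("high_failure_rate")
    return dict(verdicts)


def sample_flows() -> List[Flow]:
    """Constructed records: a port walker, an SMB worm-style spreader,
    an ordinary workstation, and an inbound scan that must be ignored."""
    flows: List[Flow] = []
    for port in range(1, 41):            # 10.1.1.50 walks 40 ports; only 22 and 80 answer
        flows.append(Flow("10.1.1.50", "203.0.113.9", port, "tcp", port not in (22, 80)))
    for i in range(1, 31):               # 10.1.1.51 tries port 445 on 30 hosts; three answer
        flows.append(Flow("10.1.1.51", f"203.0.113.{i}", 445, "tcp", i > 3))
    for i in range(25):                  # 10.1.1.20: normal web browsing
        dst, port = ("198.51.100.5", 443) if i % 2 else ("198.51.100.6", 80)
        flows.append(Flow("10.1.1.20", dst, port, "tcp", False))
    for port in range(1, 41):            # outsider probing us: out of scope here
        flows.append(Flow("203.0.113.77", "10.1.1.20", port, "tcp", True))
    return flows


if __name__ == "__main__":
    for src, kinds in sorted(scan_verdicts(sample_flows(), "10.1.1.").items()):
        print(src, ", ".join(sorted(kinds)))
```

The failure-rate check is what keeps the thresholds honest: a workstation that legitimately talks to many hosts on port 443 completes its handshakes, whereas a bot sweeping for exposed SMB mostly hits closed ports. Run this against exported NetFlow or firewall logs on a schedule and the rootkit's ability to hide on the host stops mattering, because the evidence is collected off the host.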

As the black market for malicious code and stolen information grows, botnets are quickly becoming the tool of choice for those with malicious intent. Like mainstream service providers, botnets will evolve to reflect the demands of the market. They will add features over time to spread quicker, harvest more specific information, and perpetrate DDoS attacks more efficiently. CIOs can expect to see security vendors roll out new approaches to combat the threat. In the meantime, it is important that they stay vigilant to protect individuals, intellectual property, and their organization's critical infrastructure.

Thursday, November 18, 2010

Who is Anonymous?

Operation Payback

A voice of the people for the people!

We’ve been following Operation Payback closely since it surfaced back in early September and even after two months of strikes against antipiracy advocates, little is known about the group behind the DDoS attacks. Known simply as Anonymous, the DDoS participants remain shrouded in mystery and undoubtedly prefer to remain that way.
This week, TorrentFreak was able to speak with some of the members of Anonymous and gain some insight as to who they are and why they choose to participate in Operation Payback missions. According to one spokesperson who talked with the website, there are two main groups that make up Anonymous.
A core group, made up of about a dozen members, plans and manages the organization’s activities. Another, much larger group actually assists in carrying out the DDoS strikes. Most are geeks, file-sharers, and programmers.
“The core group is the #command channel on IRC. This core group does nothing more than being some sort of intermediary between the people in that IRC channel and the actual attack,” the spokesperson claims. “Another group of people on IRC (the main channel called #operationpayback) are just there to fire on targets.”
While it’s clear from the name Operation Payback why Anonymous is carrying out their attacks, it hasn’t been well explained what the group actually wanted to accomplish by causing disruptions to organizations like the RIAA and MPAA. It would seem that they are rallying for an end to copyright laws, but that isn’t exactly the case.
“Some of us have the vision of actually getting rid of copyright/patents entirely, but we are at least trying to stay slightly realistic,” explains the group’s spokesperson.
And Anonymous does believe that they’ve made some mistakes along the way and hope to improve in the future. While some members of the group believe that anarchy is the answer, the core group seems to harbor some regret in having executed the attacks on the UK Intellectual Property Office and the US Copyright Office.
So where does Operation Payback go from here?
“What we are now trying to do, is to straighten out ideals, and trying to make them both heard and accepted,” the spokesperson told TorrentFreak. “Nobody would listen to us if we said piracy should be legal, but when we ask for copyright lifespan to be reduced to ‘fair’ lengths, that would sound a lot more reasonable.”
From the sounds of the statements made by Anonymous members, there seems to be much less animosity and more rational consideration going on in this stage of the group’s mission. Time will tell if this change of attitude helps the group gain more traction in accomplishing revisions to copyright law.

South Korea has installed digital "bunkers" to prevent a repeat of the massive distributed-denial-of-service (DDoS) attacks that crippled parts of the country last year.


South Korea is continuously under DDoS attack.....

The nation was floored after huge streams of junk internet data poured across South Korea's networks last year, targeting the infrastructure of government and businesses in what is known as a DDoS attack.
It took out parts of the communications networks for up to a week, also hitting US targets, before the malware behind the DDoS attacks self-destructed.

He said there have not been further DDoS attacks on the scale of the 2009 assaults, but that attacks have increased in size. The bunkers are hoped to help mitigate part of the problem against further attacks.

Monday, November 15, 2010

DDoS as a Service......

The IMDDOS botnet is operated out of China and has been growing at the rate of about 10,000 infected machines every day for the past several months, to become one of the largest active botnets.

The site offers various subscription plans and attack options, and provides tips on how the service can be used to launch effective DDoS attacks. It even provides customers with contact information for support and customer service.
Anyone who can read Chinese can essentially subscribe to the service and use it to initiate DDoS attacks against targets of their choice, anywhere around the globe and with next to no effort, Ollman said.
Paid subscribers are provided with a unique alias and a secure access application which they download on to their systems. Users wishing to launch an attack use the application to log into a secure area on the Web site where they can list the hosts and servers they want to attack and submit their request.

Many of the hacking tools and services sold on such sites are inexpensive, highly customizable and designed to be used by novices. Prices for malware tools often start at just $20.
As in the case of the IMDDOS botnet, such sites often offer support services, formal product upgrades, end-user license agreements and tools that let customers verify how effective their attacks really are.

Friday, November 12, 2010

Planned DDoS attack against Irish Recorded Music Association (IRMA).


Operation Payback was supposed to be on a break for a while, but that was before the word got out that the FBI was investigating their activities. The attempt to carry out an attack this soon could be a not-so-subtle message to the FBI that they are undeterred.
The group still has quite a list of possible targets that they have yet to hit, most of which are outside of the United States. Where they will strike next is anyone’s guess.

Thursday, November 11, 2010

Romanian Hacker takes down Royal Navy web site

A Romanian hacker known as 'Tinkode', who has been connected to attacks on sites run by NASA and the US Army, took down the website of the Royal Navy!! The cause of the attack is believed to be an SQL injection vulnerability. Such methods have been used in the past to trigger major security breaches.

Tinkode's activities appear to have been more mischievous than dangerous...

Currently the site displays a window notifying visitors that the site is undergoing essential maintenance.

The attack comes just days after the pan-European cyber-war simulation, codenamed 'Cyber Europe 2010'. The drill attempted to recreate a co-ordinated effort to cripple network infrastructure throughout Europe, and to test international cyber defence systems and agencies......

RIAA vs Lime Wire

LimeWire is back after less than a month of being shut down.........

Following a four-year lawsuit brought by the RIAA on behalf of eight major music publishers, LimeWire was officially shut down late last month. Federal Judge Kimba Wood found the company, LimeWire LLC, and its founder, Mark Gordon, guilty of assisting users in committing copyright infringement on a "massive scale." Damages expected to total at least $1 billion will be assessed when the case resumes in January 2011.

To quote Chris Pirillo : “Shortly after the software was forced to shut down, a horde of piratical monkeys climbed aboard the abandoned ship, mended its sails, polished its cannons, and released it free to the community.” All dependencies on LimeWire LLC’s servers have been removed, all remote settings have been disabled, the Ask toolbar has been unbundled, and all features of LimeWire PRO have been activated for free. Thus, the creators claim that LimeWire Pirate Edition (LPE) will work better than the last stable version of the old client.
The RIAA better head back to the drawing board. 

Politically provoked DDoS attacks on the increase...

The perpetrators at this stage are unknown, although is an independently run and self reliant news portal of the Tibetan community. This is another perfect example of the increasing infringement on freedom of speech.

Wednesday, November 10, 2010

FBI's investigations into 4chan 'Anonymous' DDoS attacks


Over the past two months, a group calling itself "Anonymous," with links to the 4chan Web forum and image board, has launched distributed denial-of-service attacks (DDoS) against Web sites operated by the Motion Picture Association of America, The Recording Industry Association (RIAA), Hustler magazine, rocker Gene Simmons, The British Phonographic Industry, and other similar groups in France, Australia, Spain and elsewhere.

Tuesday, November 9, 2010

Dubai ranked amongst top 8 cities suffering from network attacks

67% of attacks on computers located in Dubai are distributed denial of service (DDoS) attacks. DDoS attacks are usually performed using botnets, mainly aiming to disable or limit access to online services located in the country, and primarily targeting e-commerce websites.

EU runs first pan-European cyber-war simulation


In Thursday's exercise, codenamed 'Cyber Europe 2010', experts from all 27 EU states plus Iceland, Norway and Switzerland faced 'simulated attempts by hackers to paralyse critical online services in several EU member states,' a statement released in Brussels read.

Politically provoked DDoS attacks

A new Trojan named Vecebot, a new malware family, has been associated with distributed denial of service (DDoS) attacks against bloggers who have posted critical comments against the ruling Communist Party and Chinese mining operations in the nation, as reported by ThreatPost on October 29, 2010.
According to the analysis, the Vecebot botnet was estimated at somewhere between 20,000 and 30,000 hosts. Its targets included some of the famous blogs and online forums of Vietnam. Further, as per the analysis, the launch of Vecebot might have been synchronized with "Vietnam Blogger Day" on October 19, 2010, an online civil action to commemorate the launch of a blogger and political detainee who used the name Dieu Cay.

Georgia Vs Russia

Officially the war between Georgia and Russia began with a series of distributed denial of service attacks – commonly known in the IT security industry as DDoS attacks – that crippled not only the country’s infrastructure, but its judiciary and its entire government decision-making apparatus.

Saturday, November 6, 2010

First Jail Sentence For Romanian BitTorrent Site Operator

The owner of a Romanian BitTorrent tracker has been the first person in the country to receive a jail sentence for his actions. Following complaints from the Business Software Alliance, was closed in 2007 but it has taken three years for the case to come to a conclusion. The outcome is a 6 month suspended sentence and an unspecified fine.
The Romanian division of the Business Software Alliance has been trumpeting various successes from its work cracking down on the use of unauthorized software.

Former Student Gets 30 Months in Prison for DDoSing Conservative Figures and Using Botnets

Mitchell L. Frost, age 23, of Bellevue, Ohio, a former University of Akron student, was sentenced Friday to 30 months in prison, followed by 3 years of supervised release, for conducting denial of service attacks on the sites of several prominent conservative figures as well as infecting several systems with botnet zombies.

The former student also admitted initiating denial of service attacks against University of Akron computer servers on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked offline for approximately 8 1/2 hours, preventing all students, faculty and staff members from accessing the network. The University claimed that response and remediation efforts to restore network services cost over $10,000.

Friday, November 5, 2010

Pulling the plug on a country.......

Burma has been offline since Tuesday, when a massive DDoS attack clogged the country's modest 45 Mbps Internet pipeline with junk traffic hitting at a rate of between 10 and 15 Gbps.....

DDoS attacks by agentless botnets

Interesting article on HTTP protocol flaws that could result in DDoS attacks by agentless botnets:

 A flaw in the HTTP protocol leaves the door open for attackers to wage a new form of distributed denial-of-service (DDoS) attack that floods Web servers with very slow HTTP "POST" traffic.
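The usual server-side countermeasure for slow POST floods is a minimum body-read rate per connection, enforced after a short grace period, plus an alert when many such connections coexist. The following is an added example (not code from the article or from any web server), with constructed connection records and assumed thresholds:

```python
"""Added example: per-connection minimum body-read-rate policy against slow
HTTP POST floods. Records and thresholds below are constructed, not real data."""
from dataclasses import dataclass


@dataclass
class PostConnection:
    client: str
    content_length: int   # size announced in the Content-Length header
    bytes_received: int   # body bytes actually received so far
    elapsed_s: float      # seconds since the request headers were completed


def should_abort(conn, grace_s=10.0, min_rate_bps=500.0):
    """True when the connection should be closed: once the grace period has
    passed, the body must keep arriving at min_rate_bps bytes per second.
    Legitimate clients on very slow links may also trip this; tune per site."""
    if conn.bytes_received >= conn.content_length:
        return False  # body complete, nothing left to enforce
    if conn.elapsed_s <= grace_s:
        return False  # headroom for clients that start slowly
    return conn.bytes_received / conn.elapsed_s < min_rate_bps


def triage(conns, grace_s=10.0, min_rate_bps=500.0, alert_threshold=3):
    """Return (clients to drop, alert flag). Several slow POSTs at once is the
    signature of a flood rather than one client on a poor link."""
    dropped = [c.client for c in conns if should_abort(c, grace_s, min_rate_bps)]
    return dropped, len(dropped) >= alert_threshold


# Constructed sample: three trickling bodies, two healthy uploads, one in grace.
SAMPLE = [
    PostConnection("198.51.100.7", 1_000_000, 600, 60.0),         # ~10 B/s
    PostConnection("198.51.100.8", 1_000_000, 900, 90.0),         # ~10 B/s
    PostConnection("198.51.100.9", 1_000_000, 300, 45.0),         # ~7 B/s
    PostConnection("203.0.113.5", 4096, 4096, 0.3),               # finished
    PostConnection("203.0.113.6", 50_000_000, 30_000_000, 20.0),  # large, fast
    PostConnection("203.0.113.7", 2048, 100, 5.0),                # still in grace
]

if __name__ == "__main__":
    drop, alert = triage(SAMPLE)
    print("drop:", drop, "alert:", alert)
```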

Wednesday, November 3, 2010

A busy week for DDoS

It's been a busy week for DDoS.....

"The losses a business can incur through a targeted DDoS attack are enormous, even if they're not out of action for long. We have typically found that businesses attempt to protect themselves with dated measures such as over-bandwidth provisioning, which are costly and ineffective", he added.
Bruun went on to say that businesses should consider investing in managed services. For a growing number of organisations, he argues that the most cost-effective and comprehensive solution is a managed DDoS mitigation service.

Tuesday, November 2, 2010

A New Cyber Arms Dealer

DDoS for seems that cyber terrorists are combining forces and setting up shop everywhere, first China, now Iran...